1. Controller
The controller responsible for data processing regarding the provision of the website, log files, and cookies is:
K+S Aktiengesellschaft
Bertha-von-Suttner-Straße 7
34131 Kassel
Germany
Phone +49 561 9301 0
Contact: datenschutz@k-plus-s.com
The entity responsible for data processing with regard to applications is:
In the case of job advertisements by K+S Minerals and Agriculture GmbH, this company jointly with K+S Aktiengesellschaft. The contact details are identical to those of K+S Aktiengesellschaft.
In the case of job advertisements from other companies in the K+S Group, the company that advertised the respective position is responsible. The respective contact details can be found under Worldwide | K+S Aktiengesellschaft.
2. Data Protection Officer
You can contact the data protection officers of K+S Aktiengesellschaft and K+S Minerals and Agriculture GmbH as follows:
Boris Reibach
Scheja & Partners GmbH & Co. KG
Adenauerallee 136
D-53113 Bonn
Germany
Phone: 0228/2272260
Contact: https://www.scheja-partners.de/kontakt/kontakt.html
3. Your rights as a data subject
As a data subject, you have the following rights under the General Data Protection Regulation (GDPR), provided that the respective legal requirements are met:
- Information (Art. 15 GDPR): You have the right to obtain information about the personal data processed concerning you.
- Rectification (Art. 16 GDPR): You can request the rectification of inaccurate personal data concerning you. You can also request the completion of incomplete data.
- Erasure (Art. 17 GDPR): In certain cases, you can request the erasure of your personal data.
- Restriction of processing (Art. 18 GDPR): In certain cases, you can request that the processing of your data be restricted.
- Data portability (Art. 20 GDPR): If you have provided data on the basis of a contract or consent and the processing is carried out using automated procedures, you may request that you receive the data you have provided in a structured, commonly used and machine-readable format or that it be transmitted to another controller.
Right to object on a case-by-case basis:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (balancing of interests), including profiling based on those provisions.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
- Withdrawal of consent (Art. 7 para. 3 GDPR): If you have given your consent to the processing of your data, you can withdraw this at any time with effect for the future. This does not affect the lawfulness of the processing of your data until you withdraw your consent.
You can revoke your consent to cookies in the cookie settings. If you give your consent for individual services on our website, you will receive further information on revocation options when giving your consent and under section 5 (“Exercise of revocation”).
Assertion of your rights:
To exercise all of your aforementioned rights, please contact datenschutz@k-plus-s.com or send a letter to the address given in section 1 above. Please ensure that we are able to clearly identify you.
If you are of the opinion that the processing of your personal data violates data protection law, you can also lodge a complaint with a supervisory authority, in particular in the EU Member State or federal state of your habitual residence, place of work or the place of the alleged violation you are complaining about.
This also applies to the supervisory authority responsible for us:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany
Phone: +49 611 1408-0
E-mail: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de/
4. Details on integrated services and functionalities
4.1. Own services
4.1.1. Provision of the website
| Processed personal data: | Visited website, date and time at the time of access, - Amount of data sent in bytes, source/reference from which you came to the page (click path), operating system used, IP address used, browser information, browser plug-ins, time zone. |
| Purpose: | Provision of the website |
| Legal basis: | Art. 6 para. 1 lit. f) GDPR (balancing of interests). We pursue the legitimate interest of providing our website. |
| Recipient of the personal data: | Processor for the hosting of our website: Workday Limited, The Kings Building, Church Street 152-155 D07 A0TN Dublin, Irland |
| Third country transfer: | In principle, data processing takes place within the EU. It is possible that our processor may transfer the data transferred to it to companies based in third countries in order to perform the above-mentioned processing activities. For this data transfer, our processor assures us that the conditions set out in Chapter V of the GDPR will be complied with. Copies of the corresponding guarantees can be obtained from the contact details provided in Section 1. |
| Storage period of personal data: | We do not store any data for displaying the website; log files are stored for 30 days for the purposes mentioned under "Logfiles". |
4.1.2. Logfiles
| Processed personal data: | Visited website, date and time at the time of access, - Amount of data sent in bytes, source/reference from which you reached the page (click path), operating system used, IP address used, browser information, browser plugins, time zone. |
| Purpose: | System security (e.g. prevention of misuse), error diagnosis. |
| Legal basis: | Art. 6 para. 1 lit. f) GDPR (balancing of interests). We pursue the legitimate interest in system security (e.g. prevention of misuse) and error diagnosis. Art. 6 para. 1 lit. c) GDPR (compliance with a legal obligation). This includes disclosures to government agencies upon request. |
| Recipient of the personal data: | Internal departments, contract processors for the hosting and further development of our website, government agencies on request. |
| Third country transfer: | Third country transfer: In principle, data processing takes place within the EU. It is possible that our processor may transfer the data transferred to it to companies based in third countries in order to perform the above-mentioned processing activities. For this data transfer, our processor assures us that the conditions set out in Chapter V of the GDPR will be complied with. Copies of the relevant guarantees can be obtained from the contact details provided in Section 1. |
| Storage period of personal data: | 30 days. |
4.1.3. Application
| Processed personal data: | Personal data required for a well-founded assessment of your suitability for the position to be filled, including general information such as name, address, and contact details, as well as performance-related evidence and, if applicable, health-related information (e.g., disability status). Details can be found in the respective job advertisement. In audio and video conferences, we process data related to web meetings, such as user data, audio and video data, contributions, and content shared by you during the web meeting. Initial contact: Response to the question of how you learned about the job advertisement. |
| Purpose: |
|
| Legal basis: | Art. 6 para. 1 lit. b) GDPR, for conducting the application process and, if applicable, for executing or terminating the employment relationship. Regarding special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information about disability status): also § 26 para. 3 sentence 1 BDSG, Art. 9 para. 2 lit. b) GDPR, to exercise our rights and obligations arising from labor law and social security and social protection law. As far as it is necessary to assert or defend legal claims arising from the application process: Art. 6 para. 1 lit. f) GDPR. Our legitimate interests lie in being able to prove the lawful conduct of the application process in any proceedings. We may also process special categories of personal data in this context based on Art. 9 para. 2 lit. f) GDPR. Data processing for inclusion in the candidate pool is based on Art. 6 para. 1 lit. a) GDPR (consent) in conjunction with § 26 para. 2 BDSG. If we also process special categories of personal data based on your consent, data processing is also based on Art. 9 para. 2 lit. a) GDPR in conjunction with § 26 para. 2, 3 BDSG. You have the right to withdraw your consent at any time. We will then no longer process your personal data based on the consent. However, the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. Therefore, processing remains lawful even after the withdrawal. To withdraw your consent, please contact the contact person known to you. Data processing for proof of your consent is based on Art. 6 para. 1 lit. c) in conjunction with Art. 5 para. 1 lit. a), para. 2, Art. 7 para. 1 GDPR. Initial contact: Our legitimate interest according to Art. 6 para. 1 lit. f) GDPR in improving our communication channels. |
| Recipient of the personal data: | Your data can be viewed by employees of our personnel units, employee representatives according to the Works Constitution Act, and the relevant departments involved in filling the respective position. These can include employees of the company that advertised the position as well as employees of K+S Aktiengesellschaft. Other recipients are processors for hosting and further development of our website, authorities and state institutions, such as social security agencies, courts, or authorities to which we must transmit personal data for legally compelling reasons. Also, tax advisors, insurance companies, or similar auxiliaries to whom data is transmitted based on consent or a legal basis. In web meetings, providers of such services and participants of the meetings can also be recipients. |
| Third country transfer: | In principle, data processing takes place within the EU. It is possible that our processor may transfer the data transferred to it to companies based in third countries in order to perform the above-mentioned processing activities. For this data transfer, our processor assures us that the conditions set out in Chapter V of the GDPR will be complied with. Copies of the corresponding guarantees can be obtained from the contact details provided in Section 1. |
| Storage period of personal data: | Data of rejected applicants will be deleted 6 months after the position has been filled. The 6-month period results from § 15 para. 4 AGG in conjunction with § 61b ArbGG. If an applicant withdraws their application prematurely, their data will be deleted the next working day. If the application is incomplete, the data will be deleted after one month. In the case of a successful application, the data provided will be processed based on Art. 6 para. 1 lit. b GDPR for the purpose of executing the employment relationship, as far as necessary for the execution of the employment relationship. The remaining data will be deleted 6 months after the position has been filled. If you have given us your consent to be included in our candidate pool, we will store your data for a maximum of 18 months after the end of your application process (expiry of your consent). If you withdraw your consent earlier, we will delete your data immediately. Your personal data, which we process to prove your consent, will be deleted 3 years after the end of the year in which you withdrew your consent or it expired (see above). If your data is also processed for other purposes mentioned in this privacy policy, please also note the storage periods mentioned for these purposes. |
| Obligation to provide personal data and consequences of non-provision: | You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for a decision on the establishment and execution of an employment relationship with us. If you do not provide us with this personal data during an application, we may not be able to make a decision on the establishment of an employment relationship with you. |
| Further information: | " As far as we use Microsoft services for participation in web meetings, Microsoft is responsible for data processing. Regarding the processing of personal data by Microsoft, we refer to their privacy notices: https://privacy.microsoft.com/de-de/privacystatement." |
4.1.4. Cookies
Non-consent-requiring cookies and the associated data processing:
The legal basis for accessing your terminal device is § 25 (2) no. 2 TDDDG, the legal basis for the subsequent processing of your personal data is Art. 6 (1) lit. f) GDPR. Our legitimate interests for processing personal data are the interest in providing the website, the interest in protection against automated entries by bots, as well as our interest in being able to obtain consent for services on the website that require consent. In the latter case, the legal basis is also Art. 6 (1) lit. c in conjunction with Art. 5 (1) lit. a, (2), Art. 7 (1) GDPR (fulfillment of a legal obligation, namely the obligation to be able to prove granted consent).
| Name and description of the service | Workday Recruiting: Service for collecting data from applicants for a job posting. |
| Purpose | Provision of the service, abuse detection, website security |
| Technologies used | Cookies, Local Storage |
| Data collected | Browser fingerprint, time zone, region |
| Legal basis | Abuse detection, website security: Consent pursuant to § 25 (1) sentence 1 TDDDG Provision of the service: Technical necessity pursuant to § 25 (2) no. 2 TDDDG |
| Place of processing | Irland |
| Transfer to a third country | no |
| Retention period | 30 minutes |
| Data recipient | Workday Limited |
| Name and description of the service | LinkedIn Button: Service for applying using LinkedIn |
| Purpose | Provision of the service, abuse detection, website security |
| Technologies used | Cookies, web beacons |
| Data collected | Consent data, hardware fingerprint (data for uniquely identifying the terminal device) Data for re-identifying a user logged in with MFA authentication |
| Legal basis | Consent pursuant to § 25 (1) sentence 1 TDDDG |
| Place of processing | Irland |
| Transfer to a third country | no |
| Retention period | maximum 1 year |
| Data recipient | LinkedIn Ireland Unlimited Company |
4.1.4. Applicant Account
| Processed personal data: | Email address, job alert (if set up by you), previous applications, status of the processing of your applications. |
| Purpose: | Status tracking, withdrawal, deletion of your application by yourself, and simplification of future applications, information about further suitable job offers. |
| Legal basis: | Consent pursuant to Art. 6 (1) lit. a) GDPR. The data processing for the proof of your consent is carried out on the basis of Art. 6 (1) lit. c) in conjunction with Art. 5 (1) lit. a), (2), Art. 7 (1) GDPR. |
| Recipient of the personal data: | Internal departments, processors for hosting and further development of our website, government authorities upon request |
| Third country transfer: | In principle, data processing takes place within the EU. It is possible that our processor may transfer the data transferred to it to companies based in third countries in order to perform the above-mentioned processing activities. For this data transfer, our processor assures us that the conditions set out in Chapter V of the GDPR will be complied with. Copies of the corresponding guarantees can be obtained from the contact details provided in Section 1. |
| Storage period of personal data: | Your data will be stored until you withdraw your consent. |
5. Definitions
K+S AG:
K+S Aktiengesellschaft, Bertha-von-Suttner-Straße 7, 34131 Kassel, Germany, Email: [datenschutz@k-plus-s.com](mailto:datenschutz@k-plus-s.com) (hereinafter "we")
Google:
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Cookies and similar technologies:
Cookies are small text files that are stored on your device via the web browser used. Other technologies are used on our website that store information on your device or access information already stored on your device.
Improve information offerings of K+S AG:
We analyze how visitors use our website and newsletter so that we can continuously improve and make our website and newsletter more intuitive as information offerings.
Display additional information services:
We provide you with additional information services on our website to display maps, videos, social media posts about K+S or the K+S stock price.
Schutz dieser Website:
Wir setzen Dienste ein, um unsere Website vor Missbrauch und Betrugsversuchen, z.B. durch maschinell erzeugten Spam, zu schützen.
Protect this website:
We use services to protect our website from misuse and fraud attempts, e.g., through machine-generated spam.
Website usage data:
Website usage data: We process how you navigate our website, which articles you click on, which information offerings you use.
Processing:
any handling of personal data (e.g., collection, recording, organization, arrangement, storage, alteration, transmission of data). No transmission to other than the expressly named third parties takes place.
Insecure third countries:
States outside the European Economic Area (EEA) where there is no adequacy decision by the EU Commission ([https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en](https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en)). Therefore, compliance with the data protection principles of Union law is not guaranteed, so that there may be a violation of fundamental rights and freedoms. The exercise of the rights of affected individuals under the General Data Protection Regulation (e.g., access, rectification, deletion, compensation) and their administrative or judicial enforcement may also be difficult or excluded. Details see above.
Revoke:
As an affected person, you have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation. You can revoke your consent above.
Letzte Änderung: 15.09.25